Router:Linux - Debian: Difference between revisions
m Even more formatting fixes... |
m Even more formatting fixes (still) |
||
| Line 206: | Line 206: | ||
iptables -t nat -X |
iptables -t nat -X |
||
iptables -t mangle -X |
iptables -t mangle -X |
||
| ⚫ | |||
# set up default traffic policies - drop all incoming and forwarded traffic except any that is explicitly allowed |
# set up default traffic policies - drop all incoming and forwarded traffic except any that is explicitly allowed |
||
# but allow outbound traffic by default |
# but allow outbound traffic by default |
||
| Line 235: | Line 235: | ||
ip6tables -F |
ip6tables -F |
||
ip6tables -X |
ip6tables -X |
||
| ⚫ | |||
# set up default IPv6 policies |
# set up default IPv6 policies |
||
ip6tables -P FORWARD DROP |
ip6tables -P FORWARD DROP |
||
| Line 253: | Line 253: | ||
ip6tables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow related & return traffic WAN -> LAN" -j ACCEPT |
ip6tables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow related & return traffic WAN -> LAN" -j ACCEPT |
||
ip6tables -A FORWARD -m comment --comment "Reject remaining forwarding traffic" -j REJECT |
ip6tables -A FORWARD -m comment --comment "Reject remaining forwarding traffic" -j REJECT |
||
# Now install iptables-persistent. When asked, choose "YES" to save existing IPv4 and IPv6 rules |
# Now install iptables-persistent. When asked, choose "YES" to save existing IPv4 and IPv6 rules |
||
apt-get install iptables-persistent |
apt-get install iptables-persistent |
||
systemctl enable netfilter-persistent |
systemctl enable netfilter-persistent |
||
| ⚫ | |||
== A block of IPv4 addresses == |
== A block of IPv4 addresses == |
||
| Line 316: | Line 315: | ||
iptables -t nat -F |
iptables -t nat -F |
||
iptables -t mangle -F |
iptables -t mangle -F |
||
iptables -t filter -X |
iptables -t filter -X |
||
iptables -t nat -X |
iptables -t nat -X |
||
iptables -t mangle -X |
iptables -t mangle -X |
||
# set up default traffic policies - drop all incoming and forwarded traffic except any that is explicitly allowed |
# set up default traffic policies - drop all incoming and forwarded traffic except any that is explicitly allowed |
||
# but allow outbound traffic by default |
# but allow outbound traffic by default |
||
| Line 346: | Line 345: | ||
ip6tables -F |
ip6tables -F |
||
ip6tables -X |
ip6tables -X |
||
# set up default IPv6 policies |
# set up default IPv6 policies |
||
ip6tables -P FORWARD DROP |
ip6tables -P FORWARD DROP |
||
| Line 364: | Line 363: | ||
ip6tables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow related & return traffic WAN -> LAN" -j ACCEPT |
ip6tables -A FORWARD -i pppoe-aaisp -o eth1 -m state --state RELATED,ESTABLISHED -m comment --comment "Allow related & return traffic WAN -> LAN" -j ACCEPT |
||
ip6tables -A FORWARD -m comment --comment "Reject remaining forwarding traffic" -j REJECT |
ip6tables -A FORWARD -m comment --comment "Reject remaining forwarding traffic" -j REJECT |
||
# Now install iptables-persistent. When asked, choose "YES" to save existing IPv4 and IPv6 rules |
# Now install iptables-persistent. When asked, choose "YES" to save existing IPv4 and IPv6 rules |
||
apt-get install iptables-persistent |
apt-get install iptables-persistent |
||
systemctl enable netfilter-persistent |
systemctl enable netfilter-persistent |
||
| ⚫ | |||
= Appendicies = |
= Appendicies = |
||